# Aggregated Todos _Last updated: 3/4/2026, 11:10:24 AM_ ## /home/josie/development/archlinux/cockpit-pacman/todo.txt ``` ## Refinements [ ] Surface upgrade conflicts/replacements/removals for user confirmation Currently auto-answered -- can cause surprises [ ] Fix silent error swallowing when loading ignored packages Catch block in UpdatesView does nothing, user gets no feedback [ ] Fix stale closure in update selections Rapid state changes during selection can overwrite user choices ## New Features [ ] Toggle ignored packages directly from the updates list Instead of requiring the separate modal [ ] Cockpit shell notification for available updates [ ] Export/import config (ignored packages, scheduled upgrade settings) ## Not Completed (alpm limitations) [ ] Refactor remove_orphans() to use TransactionGuard RAII pattern Reverted due to alpm borrow checker conflicts - documented in CLAUDE.md ## Future Tech [ ] VOA migration when pacman adopts it VOA (Verification of OS Artifacts) replaces GnuPG keyring https://gitlab.archlinux.org/archlinux/alpm/alpm https://devblog.archlinux.page/2026/a-year-of-work-on-the-alpm-project/ Crates: voa, voa-core, voa-openpgp, voa-config Wait for libalpm adoption before migrating ``` ## /home/josie/development/archlinux/sso/todo.txt ``` josiedotlol> silly question but I keep asking myself why aur web + archlinux.org/devel aren't also using the keycloak sso. is there a historical reason for this? PM 2:37:57 josiedotlol: As far as I know, this is desired but we need someone willing to put some work on it :) PM 2:38:03 Same for the wiki for instance PM 2:39:04 Ideally we would have everything under keycloack sso, but there's no built-in keycloack integration for aurweb/archweb/wiki. So yeah.. I guess we need someone willing to invest some time in it basically. PM 2:39:50 IIRC there are opened issues (and maybe some draft PR) over on gitlab PM 2:41:07 I see... I did just add keycloak sso to some of my own web stuff recently. I could take a look at the state of things PM 2:42:41 josiedotlol: Well, that'd be greatly appreciated 馃 PM 2:43:11 josiedotlol: <-- aurweb PM 2:43:12 Title: [FastAPI] Support SSO authentication (#54) 路 Issues 路 Arch Linux / aurweb 路 GitLab (at gitlab.archlinux.org) PM 2:44:35 Found this for archweb PM 2:44:36 Title: Implement 2 Factor authentication 路 Issue #152 路 archlinux/archweb 路 GitHub (at github.com) PM 2:45:08 But well, not sure if the subject has been moved elsewhere since then PM 2:46:12 And I know there was some discussion (maybe some started efforts) for the wiki as well, but can't remember where it is PM 2:46:54 tysm <3 that's a great starting point. I'll do some more digging PM 2:47:51 You're welcome 馃 PM 5:30:49 josiedotlol: the other hard problem is the migration flows for the already existing userbases PM 5:35:55 Does it also move account support from package maintainers to DevOps as well? PM 5:35:59 Doesn't it* ``` ## /home/josie/development/archlinux/mirror-operator/todo.txt ``` https://wiki.archlinux.org/title/Mirrors https://wiki.archlinux.org/title/DeveloperWiki:NewMirrors ``` ## /home/josie/development/personal/nvim/todo.txt ``` doc preview feature? backups nitrokey ``` ## /home/josie/development/personal/algo/todo.txt ``` algo interview study tool code snippets stpe by step with optimization + commentary commentary on time complexity ``` ## /home/josie/development/personal/josiedot/health/services/todo.txt ``` ## Features ### Data #23 - Crawler of trusted sites + LLM parser to populate data #33 - Add more generic meds for ;info and ;combo Annotations for cannabis strains to break down THC/CBD content ### Infrastructure #41 - Update compose.yml for local dev #44 - API client shard that can be imported by bots Decommission irc-ingestion (replaced by irc-bot) ### API General formatting and naming structure more consistent Improve performance ## Security Issues ### Critical (Fix Immediately) | Issue | Location | Description | |-------|----------|-------------| | Default Credentials | | Falls back to admin/admin if env vars not set | core/src/router.cr:43-44 ### High Priority | Issue | Location | Description | |-------|----------|-------------| | CSV Timestamp Manipulation | core/src/handlers/log_handler.cr | Import accepts any timestamp (year 1900, future dates) | | CSV Formula Injection | core/src/csv_parser.cr | =cmd payloads could execute in Excel when exported | ### Medium Priority | Issue | Location | Description | |-------|----------|-------------| | Timing Attack on Password | | Uses == instead of constant-time comparison | core/src/router.cr:221 | Overly Permissive CORS | | Access-Control-Allow-Origin: * | core/src/router.cr:63 | Missing Security Headers | core/src/router.cr | No X-Frame-Options, CSP, HSTS | | Race Condition in Webhook Hash | | No mutex on | @pending_requests discord-bot/src/webhook_server.cr:11 ### Low Priority | Issue | Location | Description | |-------|----------|-------------| | No TLS Config on HTTP Client | discord-bot/src/api_client.cr | No cert validation configured | ``` ## /home/josie/development/personal/josiedot/health/todo.txt ``` josiedotdesign whitelist some networks + vpn for direct access to some site like josiedot design that normally require sso ``` ## /home/josie/development/personal/neoche/todo.txt ``` clean up so we can opensource this remove hardcoded dotfiles repo URL from editor-definition.yaml remove quay.io/pfeifferj references, make registry configurable remove cluster-specific docs from README (PV paths, namespace names) audit secrets/tokens are not committed anywhere add options for zsh to mirror local setup bootstrap zsh + oh-my-zsh in entrypoint copy .zshrc and .p10k.zsh from dotfiles repo make SHELL env var configurable (default sh, option for zsh/bash) check if UDI already ships zsh or if it needs to be installed pack more tools ripgrep, fd, fzf (telescope deps) lazygit node/npm for LSP servers language servers (lua-language-server, pyright, gopls, etc.) nerd font support in ttyd (or fallback icons) auto init plugins run lazy.nvim sync non-interactively before launching ttyd pre-compile treesitter parsers during entrypoint cache plugins in persistent volume so they survive restarts headless nvim pass: nvim --headless " sync" +Lazy! +qa ``` ## /home/josie/development/services/gpu-euw-container-mom/todo.txt ``` trustree gpu attestation kata modelserving josiegpt based on granite expose some shit publically or set up vpn ``` ## /home/josie/development/kubernetes/karpenter-ibm/todo.txt ``` IKS testing get the infra stuff set up fix e2e neverending story blog posts increase adoption? Helm chart in ArtifactHub CNCF case study once there's production usage Cost estimation integration with IBM Cloud billing ``` ## /home/josie/development/irc-now/crates/soju-operator/todo.txt ``` kube.rs soju config in CRD mount configmap/secrets certmanager? networking stuff ...https://codeberg.org/emersion/soju/src/branch/master/doc/getting-started.md ...https://codeberg.org/emersion/soju/src/branch/master/doc/getting-started.md ...https://codeberg.org/emersion/soju/src/branch/master/doc/getting-started.md ``` ## /home/josie/development/irc-now/todo.txt ``` --- backlog --- migration tool for irc cloud users custom domains cname endpoint (proxy, not default router fqdn) invite system. initially user registration should be invite only --- business/marketing (non-code) --- imprint magickly llp uk sticker ideas company directory: mission, vision, products, strategy, marketing voice ``` ## /home/josie/development/knot-operator/todo.txt ``` make it a tangled operator tha can also host spindles => @./loom ``` ## /home/josie/development/crystal/cr/crystal-github-actions/todo.txt ``` fmt on PR docs on PR/release - ```